Response to Amendment

1. The amendment filed on February 17, 2009 has been fully considered 
but is not deemed persuasive. 

• 40, 43, 46-50, 52, 53, 55-57 and 62-64 are presented for examination 

Response to Arguments 

2. Applicant's arguments are not specific enough to address them one-by- 
one. Therefore, the Applicant is referred to the detailed office action below. 

The only limitation that seems new is forwardable flag limitation which is 
implied in the following section of Swift and in Kerberos authentication "where 
GrantedAccountSID 1 is the SID of a client permitted to be a proxy 
of the user, and GrantedGroupSID2 is the SID of a group of clients, 
each of which is allowed to be a proxy. The dates in this example 
indicate the expiration dates for the proxy permissions for the 
respective principals. The third field of the proxy entry in this 
example identifies the services the proxy is allowed to access on 
behalf of the user. Such restriction data may be specified in many 
different ways with different granularity. For instance, this field may 
be used to specify groups or individual clients that the proxy can 
access. Alternatively, the field can provide a negative restriction by 
identifying those services the proxy should not be allowed to access. 
The field may identify specifically the directory the proxy is allowed 
to access, as in the second proxy entry in the example." (col. 7, lines 
53 to col. 8, lines 40). 



Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in 
this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors 
Protection Act of 1999 (AIPA) and the Intellectual Property and High Technology 
Technical Amendments Act of 2002 do not apply when the reference is a U.S. 
patent resulting directly or indirectly from an international application filed 
before November 29, 2000. Therefore, the prior art date of the reference is 
determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- 
AIPA 35 U.S.C. 102(e)). 

40, 43, 46, 48-50, 52, 53, 55, 57 and 63-64 are rejected under 35 U.S.C. 
102(e) as being anticipated by Swift et al US Patent Number (7,113,994), 
hereinafter "Swift". 

The applied reference has a common assignee or inventor with the 
instant application. Based upon the earlier effective U.S. filing date of the 
reference, it constitutes prior art under 35 U.S.C. 102(e). This rejection under 
35 U.S.C. 102(e) might be overcome either by a showing under 37 CFR 1.132 
that any invention disclosed but not claimed in the reference was derived from 
the inventor of this application and is thus not the invention "by another," or 
by an appropriate showing under 37 CFR 1.131. 

As per claim 40 Swift teaches a method for constraining delegation of service 
requests made by a first server (proxy client 74, fig. 2) on behalf of client (client 
70, abstract and fig. 2) , the method comprising: 

receiving, at the first server, an authentication mechanism for the client, 
wherein the authentication mechanism is generated using a first 
authentication method ( col. 5, lines 4-40); 

sending a request to a trusted third-party to issue a first service ticket to 
the first server for the client, wherein the first service ticket is adapted to be 
used with a second authentication method, and wherein the second 
authentication method is different from the first authentication method (col. 5, 
lines 11-47. See also col. 2, lines 39-43)); 

receiving, at the first server, the first service ticket to the first server, 
wherein the first service ticket to the first server specifies that the first service 
ticket is delegable through the presence of a forwardable flag in the first service 
ticket (col. 5, lines 4-40 and fig. 2, items 84,82 and 90; col. 2, lines 16-43 and 
col. 8, lines 10-44 forwardable flag is interpreted information included in the 
proxy entry to specify what the proxy is allowed to do including restrictions on 
the permissions "where GrantedAccountSID 1 is the SID of a client permitted to 
be a proxy of the user, and GrantedGroupSID2 is the SID of a group of clients, 
each of which is allowed to be a proxy. . . The third field of the proxy entry in 
this example identifies the services the proxy is allowed to access on behalf of 
the user. Such restriction data may be specified in many different ways with 
different granularity. For instance, this field may be used to specify groups or 
individual clients that the proxy can access. Alternatively, the field can provide 
a negative restriction by identifying those services the proxy should not be 
allowed to access. The field may identify specifically the directory the proxy is 
allowed to access, as in the second proxy entry in the example. "( col. 7, lines 53 
to col. 8, lines 40); 

requesting, by the first server, a target service ticket from the 
trusted third-party (trusted security server 80, fig. 2) configured for use by the 
first server to access the target service on behalf of the client (col. 5, lines 4-40 
and fig. 2, items 84,82 and 90, wherein the first server provides the trusted 
third-party with the first service ticket when requesting the target service 
ticket, and wherein the target service ticket is adapted to be used with the 
second authentication method (col. 2, lines 16-43 and col. 8, lines 10-44); and 
sending the target service ticket to the target server (target service 76); and 

sending the target service ticket to the target server (fig. 2, 92 and col. 
5,lines 49-55). 

As per claims 49-50, 57 and 62 Swift teaches the invention as explained in 
claim 40 (see also figures 1-4 and col. 4, lines 4-55). These claims include 
variations of similar limitations addressed in claim 1 above; therefore they are 
rejected with the same rationale. Regarding the determining of the presence of 
forwardable flag in the first service, Swift teaches information included in the 
proxy entry is interpreted to specify what the proxy is allowed to do including 
restrictions on the permissions "where GrantedAccountSID 1 is the SID of a 
client permitted to be a proxy of the user, and GrantedGroupSID2 is the SID of 
a group of clients, each of which is allowed to be a proxy. The dates in this 
example indicate the expiration dates for the proxy permissions for the 
respective principals. The third field of the proxy entry in this example 
identifies the services the proxy is allowed to access on behalf of the user. Such 
restriction data may be specified in many different ways with different 
granularity. For instance, this field may be used to specify groups or individual 
clients that the proxy can access. Alternatively, the field can provide a negative 
restriction by identifying those services the proxy should not be allowed to 
access. The field may identify specifically the directory the proxy is allowed to 
access, as in the second proxy entry in the example." ticket (col. 5, lines 4-40 
and fig. 2, items 84,82 and 90; col. 2, lines 16-43 and col. 8, lines 10-44) 

In referring to claims 43 and 52 

• Where the target service ticket is configured for use by the server and the 
target service to which service is sought: See Figures 8 and 9 and (col. 5, 
lines 35-55). 

In referring to claims 46 and 55, 

• The server is a front-end server with respect to a back-end server that is 
coupled to the front-end server: The proxy is a front-end server with 
respect to the client 

• The back-end server is configured to provide the target service to 
which access is sought. The target service is a back-end server with 
respect to the client (see fig. 2) 

In referring to claims 48 and 64, wherein the second authentication method 
includes a Kerberos authentication protocol (fig. 3) 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

Claims 47, 56 and 63 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Swift in view of Freier et al. ("The SSL Protocol Version 3.0", 
18 Nov 1996, hereinafter "Freier"). Although Swift shows substantial features 
of the claimed invention, Swift does not show using SSL as the first 
authentication method. Nonetheless this feature is well known in the art 
and would have been an obvious modification to the system disclosed by 
Swift as evidenced by Freier. 

In analogous art, Freier discloses SSL version 3.0. Freier shows SSL can be 
used to provide communication privacy over the Internet (abstract). 

Given these teachings, a person of ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying the system of Swift 
so as to use SSL, such as taught by Freier, in order to provide security for 
applications that don't support Kerberos authentication (For example, 
Outlook and Netscape email clients). 

Conclusion 

5. ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded 
of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply 
is filed within TWO MONTHS of the mailing date of this final action and the 
advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on 
the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In 
no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered pertinent 
to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Yasin Barqadle whose telephone 
number is 571-272-3947. The examiner can normally be reached on 9:00 AM 
to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Bunjob Jaroenchonwanit can be reached on 571-272- 
3913. The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained 
from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access 
to the Private PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 
Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Yasin M Barqadle/ 

Primary Examiner, Art Unit 2456 



